How to Launch a Secure Cloud Initiative: NASA s Jet Propulsion Laboratory

Transcription

1 How to Launch a Secure Cloud Initiative: NASA s Jet Propulsion Laboratory Tomas Soderstrom CTO, Jet Propulsion Laboratory, NASA Eric Chabrow Executive Editor, Information Security Media Group Session ID: CLD-203 Insert presenter logo here on slide master. See hidden slide 4 for directions Session Classification: Advanced

2 Agenda Trends from Information Security Media Group s 2012 Cloud Computing Security Survey. Case study of NASA s Jet Propulsion Laboratory successful initiatives to plan, pilot and deploy cloud computing offerings. Discussion between the presenters and RSA attendees on presentation. 2

3 3

4 2012 Cloud Security Survey Objectives Define the cloud. Gauge organizations' top cloud security concerns. Identify applications/services users feel comfortable/uncomfortable placing on the cloud. Determine user/provider security responsibilities.

5 2012 Cloud Computing Security Survey Insert presenter logo here on slide master. See hidden slide 4 for directions 5

6 Who Did We Survey Respondents from 17 sectors from around the globe IT Security Responsibilities 64% Determine strategy 52% Establish priorities 48% Manage budgets

7 Understanding Respondents How secure do you view your and your cloud provider s IT? (those answering secure, very secure) Own: 62% Cloud provider: 40%

8 Understanding Respondents Services deployed or soon to be deployed on cloud: Application hosting / messaging 30% 33% Application development / testing Data storage Collaboration software 26% 26% 24% 0% 5% 10% 15% 20% 25% 30% 35%

9 Cloud Jitters What s your greatest reservation about cloud computing? Data protection / data loss Enforcing security policies Audit trail Meeting regulatory requirements 7% 14% 10% 39% 0% 10% 20% 30% 40% 50%

10 Cloud Jitters What information do you consider too risky to put on a private cloud? Intellectual property / trade secrets: 49% Credit card: 49% Financial: 48% State/government secrets: 47% Corporate proprietary/sensitive information: 42% Health: 41% Customer records: 39% PPI: 39%

11 Moving onto the Cloud What is the primary factor that goes into deciding whether to deploy cloud computing? Security 30% Costs 24% Ability to share data among different resources 12% Resources 9% Privacy 6% 0% 5% 10% 15% 20% 25% 30% 35%

12 Moving onto the Cloud Do you employ third-party attestation? Yes: 64% No: 36%

13 Moving onto the Cloud 78% The number of respondents that say its important or very important that their cloud providers servers to be situated in the users country.

14 Moving onto the Cloud Would you move critical business systems to the cloud? No: 33% Perhaps, but not within 12 months: 31% Yes, one or more critical business systems on the cloud: 18% Yes, we plan to move one or more critical business systems to cloud within year: 18%

15 The Takeaway Organizations approach to cloud computing remains immature. Jitters exist about the cloud as a secure computing environment remains. Employing the cloud and making it secure is the domain of the IT and IT security organization. Despite anxieties, the cloud is happening and IT security professionals recognize they must find ways to make it secure.

16 Survey Lives On The 2012 Cloud Security Survey remains open. If you haven t yet, please take the survey at

17 Ready for Launch The 2012 Cloud Security Survey raises topics JPL s CTO Tom Soderstrom is about to address, including: Learning from existing, commodity cloud initiatives to better deal with providers. Surmounting security anxieties cloud computing presents. Turning the reality that the cloud is becoming a major computing platform into a tool you can employ securely.

18 Beyond the Pervasive Cloud: Lessons and the Future Tom Soderstrom IT Chief Technology Officer and Khawaja Shams Missions Cloud Expert NASA Jet Propulsion Laboratory Copyright 2011 California Institute of Technology. Government sponsorship acknowledged

19 JPL is part of both NASA and Caltech JPL is a Federally Funded Research and Development Center (FFRDC) Managed by CalTech for NASA NASA s lead center for robotic exploration of the solar system. Have 19 spacecraft and 9 instruments across the solar system and beyond $1.7B contract per year, ~ 5,000 employees; 177 acre facility located in Pasadena, CA, with 670K sq.ft of office space and 900K sq.ft. of labs Manages worldwide Deep Space Network 3 Locations - Goldstone CA, Madrid Spain, Canberra Australia Spacecraft Command & Control - Recording scientific data 50+ years experience in spacecraft design, production, operation JPL spacecraft have visited all planets in our solar system except Pluto! 19

20 Near Term Mars & Solar System Exploration Events EPOXI Comet Flyby Nov Stardust- NExT Comet Flyby Feb Aquarius Jun Juno Aug Dawn Vesta Arrival Aug (Ceres, February 2015) GRAIL Sep Mars Science Laboratory Nov / Aug NuSTAR Feb. 2012

21 21

22 22 Flicker by WSDOT

23 Credit: Eric Johnson

24 Industry Trends for the next IT Decade (from JPL s Office of the CIO) Work with anyone, from anywhere, with any data, using any device, at any time Immersive Visualization and Interaction You ve Got Apps Eco Friendliest Extreme Collaboration Made Simple Human Behavior Consumer Driven IT Refocused Cyber Security Big Data The Pervasive Cloud Transforming IT into Innovating Together

25 JPL s approach to Cloud Computing Go from this

26 JPL s approach to Cloud Computing to this and this Replace Every Procurement Screen with a Provisioning Screen. Jim Rinaldi JPL CIO John Callas, JPL

27 A few new concepts emerged 1. Cloud Application Suitability Model (CASM) 3. Cloud Readiness Levels (CRL) (Institution, Apps, Dev) 2. Wheel of Security Public and Non-Sensitive data can be accessed in the Cloud today NASA Technology Readiness Level 4. Cloud Oriented Architecture (CLOA)

28 Overcoming Barriers to Cloud Computing Keep it real Focus on real business problems Early hands-on prototypes in every promising cloud Avoid analysis paralysis, but be safe Pro-active partnering Educate, communicate, influence, elaborate Keep it real

29 Cloud Computing is helping JPL today and beyond Microsoft

30

31

32 32

33 Well, Skywalker, ignore or resist the Force at your own peril

34 InSAR Processing Big Data, Big Processing, Big Science! INSAR Processing 4 hours - 80 machines GB 4 TB Processing Cost: $256!

35 5 Giga-pixels 5 SWF EC2 S3 SimpleDB CloudWatch IAMs ELB A9?

36 Consumer Driven IT Impacts Always On Easy Anyone Anytime Anywhere Any device Any content Any form factor In Context 3D In the air Reading Connected Lifestyle Power Social Data Gaming Video Sound Wireless DDSS Drag + Drop + Sync + Share

37 The Consumer Cloud is already here

38 Courtesy Ken & Michelle Dyball/Getty Images

39 But how on earth can we make it secure?

40 Trend: Refocused Cyber Security Trends: Less control + increased regulation + more attacks + increased awareness Need faster solutions despite new challenges: Cloud Computing, Mobility, Personal devices, Collaboration, Social Media, International hacking, Increased partnering Cyber security goes from afterthought to front: The buck starts here Protect by enabling Partner with IT Security on all projects 40

41 SEPARATION OF CONCERN

42 COVERING OUR ASSETS ON CLOUD

43 Virtual private cloud

44 SECURED UPLINK PLANNING

45 LMMP The future of computing

46 So, what s next?

47 JPL Cloud Strategy: What s next for JPL and Clouds Applied Cloud First strategy Partner in the Cloud Cloud enables mobile benefits Specialized Clouds become the OS Evolve Cloud Oriented Architecture (CLOA) and Cloud Application Suitability Model (CASM) Innovating Together is the norm Make it and IT compelling Take full advantage of the rising tide of the Pervasive Cloud Keep it real

48 Recommendations for how to get started with cloud Get started now and learn with low sensitivity data Focus on new capabilities Prototype under the radar screen Communicate it as a business initiative (ROA) Partner with everyone including cross-functional leaders Use the 3-floor elevator test Expect license agreements to take time Look at the full risk vs. reward Innovate Together and Keep it real

49 Our New business DANCING ROBOTS

50 Surf the rising tide of Cloud Computing in your business Insert presenter logo here on slide master. See hidden slide 4 for directions

51 Thanks for listening Insert presenter logo here on slide master. See hidden slide 4 for directions 51